What Is MFA Fatigue and How to Protect Against It
Multi-Factor Authentication (MFA) is one of the best tools for protecting your accounts, but like anything, it’s not foolproof. A rising trend in cybercrime known as MFA fatigue is proving that even good security practices can be exploited.
So, what exactly is MFA fatigue?
Also called prompt bombing, MFA fatigue is when a cybercriminal tries to log in repeatedly using stolen credentials, causing the real user to receive multiple push notifications asking them to approve the login. Eventually, the user may click “approve” just to stop the notifications — unknowingly letting the attacker in.
This method doesn’t break your systems; it breaks your staff’s patience.
Why does MFA fatigue work?
Because people are human. When you’re tired, distracted, or busy, you might think “It must be a glitch” and tap approve without thinking. Attackers rely on that moment of frustration or confusion – and it’s happening more and more in UK businesses.
How can your business prevent it?
You don’t need to ditch MFA — you just need to make it smarter:
- Use number-matching or device confirmation instead of simple “Approve/Decline” prompts.
- Enable biometric verification (like Face ID or fingerprint).
- Educate staff about MFA fatigue – awareness is half the battle.
- Monitor for unusual login activity and alert users proactively.
- Consider moving to phishing-resistant MFA, such as security keys or passkeys.
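To illustrate the monitoring point above, here is an added example (not 39D's code or any vendor's) that flags bursts of push prompts per user and marks an approval that arrives after a run of rejected prompts. The log format, outcome names, threshold and window are assumptions; map them to whatever your identity provider actually exports.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, user, push outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:05 alice approved
2024-05-01T23:10:00 bob denied
2024-05-01T23:10:40 bob timeout
2024-05-01T23:11:15 bob denied
2024-05-01T23:12:02 bob timeout
2024-05-01T23:12:30 bob approved
2024-05-02T08:30:00 carol denied
2024-05-02T12:45:00 carol approved
"""

def detect_push_bursts(log_text, threshold=4, window=timedelta(minutes=5)):
    """Return alerts for users who receive >= threshold pushes within window.

    An approval that lands inside such a burst after rejected prompts is
    reported as 'approved_after_burst' (likely fatigue approval); a burst
    with no approval so far is 'burst'.
    """
    recent = defaultdict(deque)   # user -> (timestamp, outcome) inside window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        q.append((ts, outcome))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            rejected = sum(1 for _, o in q if o in ("denied", "timeout"))
            if outcome == "approved" and rejected:
                kind = "approved_after_burst"
            else:
                kind = "burst"
            alerts.append((user, ts_raw, kind, len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect_push_bursts(SAMPLE_LOG):
        print(alert)
```

An `approved_after_burst` alert is the one to act on first: revoke the session and reset the password, since the attacker already holds valid credentials.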
At 39D, we help businesses across the UK set up secure, sensible MFA systems that balance protection with practicality. If you’re relying on basic push notifications, it’s time for an upgrade.
Want a quick review of your MFA setup?
Get in touch with 39D for expert, jargon-free advice.